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DETAILED ACTION 

This action is in response to the Arguments filed on September 13, 2005. 
Claims 1,16, and 27 have been amended by the Applicant. 
Claims 1-51 are herein considered. 

Response to Arguments 

Applicant's arguments filed September 13, 2005 have been fully considered but 
they are not persuasive. 

The Applicant's arguments concern Paters failure to disclose retrieving a 
workflow for corresponding to a request from a set of workflows, wherein the workflow 
corresponds to a set of characteristics for the user, wherein the set of user 
characteristics includes a user type, and wherein the different workflows correspond to 
different sets of characteristics for the users. The Examiner respectfully disagrees with 
the Applicant's contentions and would like to draw the Applicant's attention to sections 
wherein Patel discloses how one of his objectives is "master registration applications 
including policy exit components for customizing registration application behavior 
consistent with customer requirements" (col. 3 lines 25-27) and disclosing "a variety of 
enrollment approaches" all of which are "easily customized to meet specific customer 
requirements in areas that include content and appearance" (col.6 lines 14-17). 
Conversely, as part of the RA review "the RA may need to perform additional 
verification of the applicant's request as determined by an organization's policy" (col. 5 
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lines 5-8). However, in the majority of cases, the RA has no function as the majority of 
decisions in regards to approving, rejecting, and renewing certificates is automated 
according to the policy exits set by the customer in conjunction with those set by the 
system and the core business rules embodied in the processes which govern certificate 
issuances (col. 7 lines 3-8, 20-24; col. 8 lines 8-26). The specific actions taken in 
response to a request, follows a core set of rules (or workflow as the Applicant prefers 
to call them). For example, Patel provides the situation in which the incoming requests 
are broken up according to the last name of the person applying for the application, and 
from there it is decided which RA administrator would decide whether or not to grant the 
user's request (coL8 lines 48-58). The RA administrator relies upon the RA database 
which is the repository of all the information known about the application, including the 
certification application and toe actions associated with processing the certificate 
request (col. 8 lines 59-61). Associated vault certificates allow RA administrators to 
perform duties on entire domains of applications at once, by allowing them to define a 
set of resources, policies, and configuration options related to specific registration 
processes corresponding to specific domains (col. 9 lines 40-47). In order to partition 
the applications into domains under different RAs, Patel utilizes the information 
collected from the user with the request for the certificate including information about 
the end user, characteristics such as the beginning initial of their last name for example 
(col. 3 lines 49-51). Distinctions are also made between those users who can use the 
default enrollment approaches and those who require a custom approach, those of the 
first type are sent into the vault registration application enrollment facilities, and those of 
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the second type are routed past the facilities in order to work directly with the RAs (col.6 
lines 44-51) where the security of the overall process is determined by the strength of 
the customer's implementation of the vault registration application (col.6 lines 51-55). It 
is clear from these sections that Patel's system includes the use of workflows or rules 
and policies as he refers to them, in order to filter arriving applications according to user 
specifications such as those who can and cannot use default applications, those whose 
names begin with a certain letter, and other various user types, wherein each different 
characteristic is accompanied by a different workflow. 

In view of the arguments previous, Examiner respectfully disagrees with the 
Applicant's argument that Patel fails to disclose retrieving a workflow for corresponding 
to a request from a set of workflows, wherein the workflow corresponds to a set of 
characteristics for the user, wherein the set of user characteristics includes a user type, 
and wherein the different workflows correspond to different sets of characteristics for the 
users. As a result, the Examiner maintains the 35 U.S.C. 102(e) rejections a provided 
below. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
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only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-52 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Patel et al., U.S. Patent No. 6,438,690 B1. 

As per claim 1 , Patel discloses a method comprising the steps of: 

(a) receiving a request for a certificate related action for a user; and (b) retrieving 
a workflow (policy) for responding to said request from a set of workflows (policies), 
wherein said workflow corresponds to said certificate related action and a set of 
characteristics (applicant registration information) for said user (col. 4 line 65 thru col. 5 
line 14) including a user type. 

As per claim 2, Patel discloses the method of claim 1, wherein said set of 
workflows includes a plurality of workflows for responding to said certificate related 
action and wherein each workflow in said plurality of workflows corresponds to a 
different set of characteristics for a user (col. 9 lines 14-22, 30-32). 

As per claim 3, Patel discloses the method of claim 2, wherein a first workflow in 
said plurality of workflows contains a first set of directives and a second workflow in said 
plurality of workflows contains a second set of directives, wherein said first set of 
directives is different from said second set of directives (col. 5 lines 39-43; col. 9 lines 45- 
47). 

As per claim 4, Patel discloses the method of claim 3, wherein said certificate 
related action certificate enrollment action, wherein said first workflow in said plurality of 
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workflows calls for obtaining an approval before issuing a certificate and wherein said 
second workflow in said plurality of workflows does not call for obtaining an approval 
before issuing a certificate (col. 7 lines 17-24). 

As per claim 5, Patel discloses the method of claim 3, wherein said certificate 
related action certificate renewal action, wherein said first workflow in said plurality of 
workflows calls for retrieving an approval before renewing a certificate and wherein said 
second workflow in said plurality of workflows does not call for retrieving an approval 
before renewing a certificate (col.7 lines 17-24 reference "enrollment"; Fig 2 reference 
"Renew cert" within "Enrollment"). 

As per claim 6, Patel discloses the method of claim 3, wherein said certificate 
related action is a certificate revocation action (col. 5 lines 39-42). 

As per claim 7, Patel discloses the method of claim 3, further including the step 
of: receiving said plurality of workflows (col.7 lines 51-58). 

As per claim 8, Patel discloses the method of claim 1 , wherein said method 
further includes the step of: (d) performing said workflow, wherein said step (d) includes 
the steps of: (1) retrieving an approval response; and (col. 5 lines 15-20); (2) obtaining a 
certificate (col. 5 lines 21-25). 

As per claim 9, Patel discloses the method of claim 8, further including the steps 
of: (e) receiving a second request for a second certificate related action for a second 
user (col. 6 lines 9-1 1 ; col. 8 lines 51-53); (f) retrieving a second workflow for responding 
to said second request from said set of workflows, wherein said second workflow 
corresponds to said second certificate related action and a set of characteristics for said 
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second user (col.7 lines 9-1 5); and (g) performing said second workflow, wherein said 
step (g) includes the step of: obtaining a second certificate without retrieving an 
approval response (col.7 lines 20-24) (col. 9 lines 14-16; col. 14 lines 42-44). 

As per claim 10, Patel disclose the method of claim 9, wherein said certificate 
related action is a certificate enrollment action and said second certificate related action 
is a certificate enrollment action (col. 9 lines 14-22). 

As per claim 1 1 , Patel discloses the method of claim 9, wherein said certificate 
related action is a certificate renewal action and said second certificate related action is 
a certificate renewal action (col. 9 lines 14-22). 

As per claim 1 2, Patel discloses the method of claim 1 , further including the step 
of: (h) performing said workflow, wherein said certificate related action is a certificate 
enrollment action (col.4 lines 58-64) and wherein said step (h) includes the step of: (1) 
obtaining a certificate, wherein said step (h)(1) includes the steps of: (i) authenticating 
said user (col. 5 lines 5-18); (ii) forwarding said request to a (Certificate Authority) 
Certificate Processing Server (col. 5 lines 15-20); (iii) receiving said certificate; and 
storing said certificate (col. 5 lines 21-25). 

As per claim 13, Patel discloses the method of claim 1 , further including the step 
of: (j) performing said workflow, wherein said certificate related action is a certificate 
renewal action (col.8 lines 8-17) and wherein said step (j) includes the step of: (1) 
obtaining a certificate renewal, wherein said step (j)(1) includes the steps of: (i) 
authenticating said user (col. 5 lines 5-18); (ii) forwarding said request to a Certificate 
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Processing Server (col. 5 lines 15-20); and (iii) receiving a certificate renewal 
acknowledgement (col. 5 lines 21-25). 

As per claim 14, Patel discloses the method of claim 1 1 further including the step 
of: (k) performing said workflow, wherein said certificate related action is a certificate 
revocation action (col.8 lines 8-17) and wherein said step (k) includes the step of: 
revoking a certificate, wherein said step (k)(1) includes the steps of: (i) authenticating 
said user (col. 5 lines 5-18); and (ii) forwarding said request to a Certificate Processing 
Server (col.5 lines 15-20). 

As per claim 15, Patel discloses the method of claim 1 , wherein said steps (a) 
and (b) are performed by an Identity System (Certification Authority) in communication 
with an Access System (Registration Authority and Vault) (Abstract; Figure 1) 

Claims 16-19 are directed towards a system's implementation of the method of 
claims 1-4 and are rejected by similar rationale. 

Claim 20 is directed towards a system's implementation of the method of claim 7 
and is rejected by similar rationale. 

Claims 21 and 22 are directed towards a system's implementation of the method 
of claims 9 and 10 and are rejected by similar rationale. 

Claims 23-26 are directed towards a system's implementation of the method of 
claims 12-15 and are rejected by similar rationale. 

Claims 27-30 are directed towards an apparatus' implementation of the method 
of claims 1-4 and are rejected by similar rationale. 
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Claim 31 is directed towards an apparatus 1 implementation of the method of 
claim 7 and is rejected by similar rationale. 

Claims 32 and 33 are directed towards an apparatus 1 implementation of the 
method of claims 9 and 10 and are rejected by similar rationale. 

Claims 34-37 are directed towards an apparatus' implementation of the method 
of claims 12-15 and are rejected by similar rationale. 

Claim 38 is directed towards the method of claim 2 and is rejected by similar 
rationale. 

Claims 39, 40, and 42 are directed towards the method of claims 7, 9, and 15 
and are rejected by similar rationale. 

Claim 41 is directed towards a broader form of the method of claims 10 and 1 1 
and is rejected by similar rationale. 

Claim 43 is directed towards a system's implementation of the method of claim 2 
and is rejected by similar rationale. 

Claims 44, 45, and 47 are directed towards a system's implementation of the 
method of claims 7, 9, and 15 and are rejected by similar rationale. 

Claim 46 is directed towards a broader form of a system's implementation of the 
method of claims 10 and 1 1 and is rejected by similar rationale. 

Claim 48 is directed towards an apparatus's implementation of the method of 
claim 2 and is rejected by similar rationale. 

Claims 49, 50, and 52 are directed towards an apparatus 1 implementation of the 
method of claims 7, 9, and 15 and are rejected by similar rationale. 
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Claim 51 is directed towards a broader form of an apparatus' implementation of 
the method of claims 10 and 1 1 and is rejected by similar rationale. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tamara Teslovich whose telephone number is (571) 

272- 4241. The examiner can normally be reached on Mon-Fri 8-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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